Class: Google::Apis::ServiceconsumermanagementV1beta1::AuthProvider
- Inherits:
-
Object
- Object
- Google::Apis::ServiceconsumermanagementV1beta1::AuthProvider
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb,
generated/google/apis/serviceconsumermanagement_v1beta1/representations.rb,
generated/google/apis/serviceconsumermanagement_v1beta1/representations.rb
Overview
Configuration for an authentication provider, including support for JSON Web Token (JWT).
Instance Attribute Summary collapse
-
#audiences ⇒ String
The list of JWT audiences.
-
#authorization_url ⇒ String
Redirect URL if JWT token is required but not present or is expired.
-
#id ⇒ String
The unique identifier of the auth provider.
-
#issuer ⇒ String
Identifies the principal that issued the JWT.
-
#jwks_uri ⇒ String
URL of the provider's public key set to validate signature of the JWT.
-
#jwt_locations ⇒ Array<Google::Apis::ServiceconsumermanagementV1beta1::JwtLocation>
Defines the locations to extract the JWT.
Instance Method Summary collapse
-
#initialize(**args) ⇒ AuthProvider
constructor
A new instance of AuthProvider.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ AuthProvider
Returns a new instance of AuthProvider.
161 162 163 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 161 def initialize(**args) update!(**args) end |
Instance Attribute Details
#audiences ⇒ String
The list of JWT audiences. that are allowed to access. A JWT containing any
of these audiences will be accepted. When this setting is absent, JWTs with
audiences: - "https://[service.name]/[google.protobuf.Api.name]" - "https://[
service.name]/" will be accepted. For example, if no audiences are in the
setting, LibraryService API will accept JWTs with the following audiences: -
https://library-example.googleapis.com/google.example.library.v1.
LibraryService - https://library-example.googleapis.com/ Example: audiences:
bookstore_android.apps.googleusercontent.com, bookstore_web.apps.
googleusercontent.com
Corresponds to the JSON property audiences
117 118 119 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 117 def audiences @audiences end |
#authorization_url ⇒ String
Redirect URL if JWT token is required but not present or is expired. Implement
authorizationUrl of securityDefinitions in OpenAPI spec.
Corresponds to the JSON property authorizationUrl
123 124 125 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 123 def @authorization_url end |
#id ⇒ String
The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
. Example: "bookstore_auth".
Corresponds to the JSON property id
129 130 131 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 129 def id @id end |
#issuer ⇒ String
Identifies the principal that issued the JWT. See https://tools.ietf.org/html/
draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email
address. Example: https://securetoken.google.com Example: 1234567-compute@
developer.gserviceaccount.com
Corresponds to the JSON property issuer
137 138 139 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 137 def issuer @issuer end |
#jwks_uri ⇒ String
URL of the provider's public key set to validate signature of the JWT. See
OpenID Discovery. Optional if the key set document: - can be retrieved from
OpenID Discovery
of the issuer. - can be inferred from the email domain of the issuer (e.g. a
Google service account). Example: https://www.googleapis.com/oauth2/v1/certs
Corresponds to the JSON property jwksUri
147 148 149 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 147 def jwks_uri @jwks_uri end |
#jwt_locations ⇒ Array<Google::Apis::ServiceconsumermanagementV1beta1::JwtLocation>
Defines the locations to extract the JWT. JWT locations can be either from
HTTP headers or URL query parameters. The rule is that the first match wins.
The checking order is: checking all headers first, then URL query parameters.
If not specified, default to use following 3 locations: 1) Authorization:
Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default
locations can be specified as followings: jwt_locations: - header:
Authorization value_prefix: "Bearer " - header: x-goog-iap-jwt-assertion -
query: access_token
Corresponds to the JSON property jwtLocations
159 160 161 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 159 def jwt_locations @jwt_locations end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
166 167 168 169 170 171 172 173 |
# File 'generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb', line 166 def update!(**args) @audiences = args[:audiences] if args.key?(:audiences) @authorization_url = args[:authorization_url] if args.key?(:authorization_url) @id = args[:id] if args.key?(:id) @issuer = args[:issuer] if args.key?(:issuer) @jwks_uri = args[:jwks_uri] if args.key?(:jwks_uri) @jwt_locations = args[:jwt_locations] if args.key?(:jwt_locations) end |